Access Rights

Last modified by Ecaterina Moraru (Valica) on 2020/01/28 14:36

This is a draft for the Access Rights. The rework should be completed by 2010-05.

An overview of rights

Rights can be managed or configured to work on different scopes or layers. A wiki-level setting might act on the whole wiki, or be superseded by a (higher ranking) page-level setting. (*need to improve*)

To further complicate things, there are also group rights and user rights. Access can therefore be granted and forbidden by different groups. If this happens, and there is no higher-ranking level, we have a tie.

Depending on what the right is, the tie is broken differently.

Access table shootout

Name      Default  Hierarchy    Tie means  Levels
View      Allow    Smaller win  Deny       page,space,wiki
Edit      Allow    Smaller win  Deny       page,space,wiki
Comment   Allow    Smaller win  Deny       page,space,wiki
Delete    Deny     Smaller win  Deny       page,space,wiki
Admin     Deny     Larger win   Allow      wiki,space
Register  Allow    N/A          Allow      wiki
Program   Deny     N/A          Allow      wiki

TODO: Check if Admin is Deny by default; the original document says otherwise
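The resolution model that the overview and the table above describe, as an added Python example (not XWiki's code, whose actual execution order this page leaves to the source). The `resolve` function, the tuple shape of a setting and the user and group names are assumptions made for illustration; the Admin default follows the table, which the TODO marks as unverified.

```python
ALLOW, DENY = "allow", "deny"
SMALLER_WINS = ("page", "space", "wiki")  # most specific level is checked first
LARGER_WINS = ("wiki", "space")           # widest level is checked first
WIKI_ONLY = ("wiki",)                     # hierarchy N/A: single level

RULES = {
    # right:    (default, checking order, tie means)
    "view":     (ALLOW, SMALLER_WINS, DENY),
    "edit":     (ALLOW, SMALLER_WINS, DENY),
    "comment":  (ALLOW, SMALLER_WINS, DENY),
    "delete":   (DENY,  SMALLER_WINS, DENY),
    "admin":    (DENY,  LARGER_WINS,  ALLOW),  # default per the table (see TODO)
    "register": (ALLOW, WIKI_ONLY,    ALLOW),
    "program":  (DENY,  WIKI_ONLY,    ALLOW),
}

def resolve(right, user, groups, settings):
    """Return (decision, reason) for one right and one user.

    settings is an iterable of (level, subject, right, state) tuples, a
    constructed shape. A setting at a level the right does not support
    (for example a page-level admin entry) is never consulted.
    """
    default, order, tie = RULES[right]
    subjects = {user, *groups}
    for level in order:
        states = {state for lvl, subj, r, state in settings
                  if lvl == level and r == right and subj in subjects}
        if len(states) == 2:   # granted and forbidden at the same level
            return tie, f"tie at {level}"
        if states:             # one unambiguous setting at the winning level
            return states.pop(), f"set at {level}"
    return default, "default"

# Constructed sample settings; all names are hypothetical.
SETTINGS = [
    ("wiki",  "staff",       "edit",    ALLOW),
    ("space", "staff",       "edit",    ALLOW),
    ("space", "contractors", "edit",    DENY),
    ("page",  "alice",       "edit",    ALLOW),
    ("wiki",  "ops",         "program", ALLOW),
    ("wiki",  "contractors", "program", DENY),
    ("wiki",  "contractors", "admin",   DENY),
    ("space", "staff",       "admin",   ALLOW),
]

if __name__ == "__main__":
    print(resolve("edit", "bob", {"staff", "contractors"}, SETTINGS))
    print(resolve("program", "bob", {"ops", "contractors"}, SETTINGS))
```

Under this table a tie on Program resolves to Allow, so a deny placed on one group does not withdraw programming rights that the same user receives through another group.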

Original page starts here

Here is a list of all the rights available in XWiki and their default settings.

  • Right name: brief description of the right
    • Availability: at what level can you set this right?
      • Page: this right can be set at the page level
      • Space: this right can be set at the space level
      • Wiki: this right can be set at the wiki level
    • Default status: is the right allowed or denied when the checkbox is left blank?
      • ALLOWED: this means that users CAN perform the given action if no other right is set
      • DENIED: this means that users CANNOT perform the given action if no other right is set
    • Priority order: which setting wins over another if a user has 2 different settings?
    • Checking order: at what level is the right checked first?
  • View: whether users can see the page
    • Availability:
      • Page
      • Space
      • Wiki
    • Default status: ALLOWED
    • Priority order: deny > allow > no setting
    • Checking order: page > space > wiki
  • Comment: whether users can add a comment to the page
    • Availability:
      • Page
      • Space
      • Wiki
    • Default status: ALLOWED
    • Priority order: deny > allow > no setting
    • Checking order: page > space > wiki
  • Edit: whether users can edit and save modifications to the page
    • Availability:
      • Page
      • Space
      • Wiki
    • Default status: ALLOWED
    • Priority order: deny > allow > no setting
    • Checking order: page > space > wiki
  • Delete: whether users can delete the page
    • Availability:
      • Page
      • Space
      • Wiki
    • Default status: DENIED (unless you're the document creator)
    • Priority order: deny > allow > no setting
    • Checking order: page > space > wiki
  • Admin: whether users can manage administration settings for the space / wiki
    • Availability:
      • Space (Automatically includes the view, comment, edit, delete rights)
      • Wiki (Automatically includes the view, comment, edit, delete, register, program rights)
    • Default status: ALLOWED
    • Priority order: allow > deny > no setting
    • Checking order: wiki > space
  • Register: whether users can create new user accounts
    • Availability:
      • Wiki
    • Default status: ALLOWED
    • Priority order: allow > deny > no setting
    • Checking order: wiki
  • Program: whether users can use protected APIs & Groovy code in wiki pages
    • Availability:
      • Wiki
    • Default status: DENIED
    • Priority order: allow > deny > no setting
    • Checking order: wiki

Execution order

The full answer lies in the code.
